| < draft-ietf-oauth-json-web-token-30.txt | draft-ietf-oauth-json-web-token-31.txt > | |||
|---|---|---|---|---|
| OAuth Working Group M. Jones | OAuth Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track J. Bradley | Intended status: Standards Track J. Bradley | |||
| Expires: April 27, 2015 Ping Identity | Expires: May 23, 2015 Ping Identity | |||
| N. Sakimura | N. Sakimura | |||
| NRI | NRI | |||
| October 24, 2014 | November 19, 2014 | |||
| JSON Web Token (JWT) | JSON Web Token (JWT) | |||
| draft-ietf-oauth-json-web-token-30 | draft-ietf-oauth-json-web-token-31 | |||
| Abstract | Abstract | |||
| JSON Web Token (JWT) is a compact, URL-safe means of representing | JSON Web Token (JWT) is a compact, URL-safe means of representing | |||
| claims to be transferred between two parties. The claims in a JWT | claims to be transferred between two parties. The claims in a JWT | |||
| are encoded as a JavaScript Object Notation (JSON) object that is | are encoded as a JavaScript Object Notation (JSON) object that is | |||
| used as the payload of a JSON Web Signature (JWS) structure or as the | used as the payload of a JSON Web Signature (JWS) structure or as the | |||
| plaintext of a JSON Web Encryption (JWE) structure, enabling the | plaintext of a JSON Web Encryption (JWE) structure, enabling the | |||
| claims to be digitally signed or MACed and/or encrypted. | claims to be digitally signed or MACed and/or encrypted. | |||
| skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 27, 2015. | This Internet-Draft will expire on May 23, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 17, line 23 ¶ | skipping to change at page 17, line 23 ¶ | |||
| Values are registered on a Specification Required [RFC5226] basis | Values are registered on a Specification Required [RFC5226] basis | |||
| after a three-week review period on the jwt-reg-review@ietf.org | after a three-week review period on the jwt-reg-review@ietf.org | |||
| mailing list, on the advice of one or more Designated Experts. | mailing list, on the advice of one or more Designated Experts. | |||
| However, to allow for the allocation of values prior to publication, | However, to allow for the allocation of values prior to publication, | |||
| the Designated Expert(s) may approve registration once they are | the Designated Expert(s) may approve registration once they are | |||
| satisfied that such a specification will be published. | satisfied that such a specification will be published. | |||
| Registration requests must be sent to the jwt-reg-review@ietf.org | Registration requests must be sent to the jwt-reg-review@ietf.org | |||
| mailing list for review and comment, with an appropriate subject | mailing list for review and comment, with an appropriate subject | |||
| (e.g., "Request for access token type: example"). | (e.g., "Request to register claim: example"). | |||
| Within the review period, the Designated Expert(s) will either | Within the review period, the Designated Expert(s) will either | |||
| approve or deny the registration request, communicating this decision | approve or deny the registration request, communicating this decision | |||
| to the review list and IANA. Denials should include an explanation | to the review list and IANA. Denials should include an explanation | |||
| and, if applicable, suggestions as to how to make the request | and, if applicable, suggestions as to how to make the request | |||
| successful. Registration requests that are undetermined for a period | successful. Registration requests that are undetermined for a period | |||
| longer than 21 days can be brought to the IESG's attention (using the | longer than 21 days can be brought to the IESG's attention (using the | |||
| iesg@ietf.org mailing list) for resolution. | iesg@ietf.org mailing list) for resolution. | |||
| Criteria that should be applied by the Designated Expert(s) includes | Criteria that should be applied by the Designated Expert(s) includes | |||
| skipping to change at page 20, line 23 ¶ | skipping to change at page 20, line 23 ¶ | |||
| o Required Parameters: n/a | o Required Parameters: n/a | |||
| o Optional Parameters: n/a | o Optional Parameters: n/a | |||
| o Encoding considerations: 8bit; JWT values are encoded as a series | o Encoding considerations: 8bit; JWT values are encoded as a series | |||
| of base64url encoded values (some of which may be the empty | of base64url encoded values (some of which may be the empty | |||
| string) separated by period ('.') characters. | string) separated by period ('.') characters. | |||
| o Security Considerations: See the Security Considerations section | o Security Considerations: See the Security Considerations section | |||
| of [[ this document ]] | of [[ this document ]] | |||
| o Interoperability Considerations: n/a | o Interoperability Considerations: n/a | |||
| o Published Specification: [[ this document ]] | o Published Specification: [[ this document ]] | |||
| o Applications that use this media type: OpenID Connect, Mozilla | o Applications that use this media type: OpenID Connect, Mozilla | |||
| Persona, Salesforce, Google, Android, Windows Azure, numerous | Persona, Salesforce, Google, Android, Windows Azure, Amazon Web | |||
| others | Services, and numerous others | |||
| o Fragment identifier considerations: n/a | o Fragment identifier considerations: n/a | |||
| o Additional Information: Magic number(s): n/a, File extension(s): | o Additional Information: Magic number(s): n/a, File extension(s): | |||
| n/a, Macintosh file type code(s): n/a | n/a, Macintosh file type code(s): n/a | |||
| o Person & email address to contact for further information: Michael | o Person & email address to contact for further information: Michael | |||
| B. Jones, mbj@microsoft.com | B. Jones, mbj@microsoft.com | |||
| o Intended Usage: COMMON | o Intended Usage: COMMON | |||
| o Restrictions on Usage: none | o Restrictions on Usage: none | |||
| o Author: Michael B. Jones, mbj@microsoft.com | o Author: Michael B. Jones, mbj@microsoft.com | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Provisional registration? No | o Provisional registration? No | |||
| skipping to change at page 22, line 36 ¶ | skipping to change at page 22, line 36 ¶ | |||
| [ECMAScript] | [ECMAScript] | |||
| Ecma International, "ECMAScript Language Specification, | Ecma International, "ECMAScript Language Specification, | |||
| 5.1 Edition", ECMA 262, June 2011. | 5.1 Edition", ECMA 262, June 2011. | |||
| [IANA.MediaTypes] | [IANA.MediaTypes] | |||
| Internet Assigned Numbers Authority (IANA), "MIME Media | Internet Assigned Numbers Authority (IANA), "MIME Media | |||
| Types", 2005. | Types", 2005. | |||
| [JWA] Jones, M., "JSON Web Algorithms (JWA)", | [JWA] Jones, M., "JSON Web Algorithms (JWA)", | |||
| draft-ietf-jose-json-web-algorithms (work in progress), | draft-ietf-jose-json-web-algorithms (work in progress), | |||
| October 2014. | November 2014. | |||
| [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", | [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", | |||
| draft-ietf-jose-json-web-encryption (work in progress), | draft-ietf-jose-json-web-encryption (work in progress), | |||
| October 2014. | November 2014. | |||
| [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | |||
| Signature (JWS)", draft-ietf-jose-json-web-signature (work | Signature (JWS)", draft-ietf-jose-json-web-signature (work | |||
| in progress), October 2014. | in progress), November 2014. | |||
| [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, | [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, | |||
| October 1969. | October 1969. | |||
| [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | |||
| Extensions (MIME) Part Two: Media Types", RFC 2046, | Extensions (MIME) Part Two: Media Types", RFC 2046, | |||
| November 1996. | November 1996. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| skipping to change at page 28, line 30 ¶ | skipping to change at page 28, line 30 ¶ | |||
| Turner, and Tom Yu. | Turner, and Tom Yu. | |||
| Hannes Tschofenig and Derek Atkins chaired the OAuth working group | Hannes Tschofenig and Derek Atkins chaired the OAuth working group | |||
| and Sean Turner, Stephen Farrell, and Kathleen Moriarty served as | and Sean Turner, Stephen Farrell, and Kathleen Moriarty served as | |||
| Security area directors during the creation of this specification. | Security area directors during the creation of this specification. | |||
| Appendix E. Document History | Appendix E. Document History | |||
| [[ to be removed by the RFC Editor before publication as an RFC ]] | [[ to be removed by the RFC Editor before publication as an RFC ]] | |||
| -31 | ||||
| o Updated the example IANA registration request subject line. | ||||
| -30 | -30 | |||
| o Applied privacy wording supplied by Stephen Farrell. | o Applied privacy wording supplied by Stephen Farrell. | |||
| o Clarified where white space and line breaks may occur in JSON | o Clarified where white space and line breaks may occur in JSON | |||
| objects by referencing Section 2 of RFC 7159. | objects by referencing Section 2 of RFC 7159. | |||
| o Specified that registration reviews occur on the | o Specified that registration reviews occur on the | |||
| jwt-reg-review@ietf.org mailing list. | jwt-reg-review@ietf.org mailing list. | |||
| End of changes. 10 change blocks. | ||||
| 10 lines changed or deleted | 14 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||